Equifax Lobbied For Easier Regulation Before Data Breach (wsj.com)
WSJ reports: Equifax was lobbying lawmakers and federal agencies to ease up on regulation of credit-reporting companies in the months before its massive data breach. Equifax spent at least $500,000 on lobbying Congress and federal regulators in the first half of 2017, according to its congressional lobbying-disclosure reports. Among the issues on which it lobbied was limiting the legal liability of credit-reporting companies. That issue is the subject of a bill that a panel of the House Financial Services Committee, which oversees the industry, discussed the same day Equifax disclosed the cyberattack that exposed personal financial data of as many as 143 million Americans. Equifax has also lobbied Congress and regulatory agencies on issues around "data security and breach notification" and "cybersecurity threat information sharing," according to its lobbying disclosures. The amount Equifax spent in the first half of this year appears to be in line with previous spending. In 2016 and 2015, the company's reports show it spent $1.1 million and $1.02 million, respectively, on lobbying activities. While the company had broadly similar lobbying issues in those years, the liability matter was new in 2017.
Until at least late 2016, there was this hardcoded into their mobile app (http://www.apkmonk.com/app/com.equifax/):
UtilitiesHandler.java
static final String masterKey = "EqUiFaX2468";
Not quite "1...1!...2....2!..." but it's pretty darn close.
To be fair, I couldn't tell if it's actually ever used in the mobile app. It seems like the kind of intentionally stupid/obvious password-but-not-really-a-password string you'd leave hanging around in a file on the network if you were tuning your DLP. (The full Zip code of the company is 30309-2468 so the "plus 4" is probably where the ending came from.)
You guys are looking at it the wrong way. You're looking at it as a victim, you should look at it as what it brought them.
With this one breach, that $2.6M is now completely wasted - in fact, it's even worse since it's now achieving the opposite effect - instead of trying to buy reduced scrutiny, their failure to spend on security is working against their campaigning. Even worse, it's brought government scrutiny on all the credit reporting agencies, with increased regulation likely the result.
By failing to spend on security, Equifax has basically made life in their industry much harder for everyone. Experian and TransUnion should be applying peer pressure for making it much more expensive to do business now, because any law that comes down, any scrutiny that happens will apply equally to all three of them.
And financial institutions HATE government oversight. When "too big to fail" banks started having government oversight as required by their bailout packages, they couldn't get rid of them fast enough.
That's how you're supposed to frame it. Protecting your data? You're not worth that much to them. But ensuring their future is free of government oversight and extra regulation? That's something that does affect them directly and the cost of doing business